riddle-quiz-maker

SUSPICIOUS. The skill is broadly coherent with its stated purpose, and the CLI comes from the official npm registry rather than an obviously rogue source. However, all authentication and Riddle Quiz Maker access are mediated through Membrane, a third-party platform, and the skill encourages dynamic action creation plus unpinned `@latest` CLI execution. This is not confirmed malware, but it carries meaningful trust and account-scope risk due to credential delegation, intermediary data flow, and the ability to perform live account actions.